Enable concurrent socket factory use on all JVMs

Enabled concurrent socket factory use for all versions of Java. In the past, we have observed that at least some IBM JVMs had a thread safety issue with SSL socket factory implementations, so we only allowed a socket factory to be used concurrently by multiple threads on a whitelisted set of JVMs. We no longer believe that the IBM JDK socket factory thread safety is an issue, and there are now many more JVM vendors (e.g., Apple, Azul, Amazon Coretto, AdoptOpenJDK, and potentially Red Hat), so concurrent socket factory use will be enabled by default. If an issue is found ona particular JVM, then concurrent access can be disabled programmatically or with a system property.
pingidentity · May 23, 2019 · 5410fbc · 5410fbc
1 parent fb964c1
commit 5410fbc
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 35 deletions.
diff --git a/docs/release-notes.html b/docs/release-notes.html
@@ -210,14 +210,15 @@ <h3>Version 4.0.11</h3>
                 </li>
 
                 <li>
-                  Updated the LDAP SDK to allow multiple threads to concurrently use the same SSL
-                  socket factory instance when running on an Amazon Coretto JVM.  Some socket
-                  factory implementations (at least on some IBM JVMs) are known to not properly
-                  handle concurrent SSL socket factory use, so the LDAP SDK offers a whitelist of
-                  JVM vendors for which it will permit concurrent socket factory use.  Since
-                  Amazon Coretto uses the Sun/Oracle lineage (like JVMs from Apple and Azul, which
-                  were already handled), it should be safe to allow concurrent SSL socket factory
-                  use on that JVM.
+                  Enabled concurrent socket factory use for all versions of Java.  In the past,
+                  we have observed that at least some IBM JVMs had a thread safety issue with
+                  SSL socket factory implementations, so we only allowed a socket factory to be
+                  used concurrently by multiple threads on a whitelisted set of JVMs.  We no
+                  longer believe that the IBM JDK socket factory thread safety is an issue, and
+                  there are now many more JVM vendors (e.g., Apple, Azul, Amazon Coretto,
+                  AdoptOpenJDK, and potentially Red Hat), so concurrent socket factory use will
+                  be enabled by default.  If an issue is found ona particular JVM, then concurrent
+                  access can be disabled programmatically or with a system property.
                   <br><br>
                 </li>
 

diff --git a/src/com/unboundid/ldap/sdk/LDAPConnectionOptions.java b/src/com/unboundid/ldap/sdk/LDAPConnectionOptions.java
@@ -1088,23 +1088,30 @@ public final class LDAPConnectionOptions
 
 
 
+  /**
+   * The name of a system property that can be used to specify the default value
+   * for the "allow concurrent socket factory use" behavior.  If this property
+   * is set at the time that this class is loaded, then its value must be
+   * either "true" or "false".  If this property is not set, then a default
+   * value of "true" will be assumed.
+   * <BR><BR>
+   * The full name for this system property is "com.unboundid.ldap.sdk.
+   * LDAPConnectionOptions.defaultAllowConcurrentSocketFactoryUse".
+   */
+  public static final String
+       PROPERTY_DEFAULT_ALLOW_CONCURRENT_SOCKET_FACTORY_USE =
+            PROPERTY_PREFIX + "defaultAllowConcurrentSocketFactoryUse";
+
+
+
   /**
    * The default value for the setting that controls the default behavior with
    * regard to whether to allow concurrent use of a socket factory to create
    * client connections.
    */
-  private static final boolean DEFAULT_ALLOW_CONCURRENT_SOCKET_FACTORY_USE;
-  static
-  {
-    final String vmVendor = StaticUtils.toLowerCase(
-         StaticUtils.getSystemProperty("java.vm.vendor"));
-    DEFAULT_ALLOW_CONCURRENT_SOCKET_FACTORY_USE = ((vmVendor != null) &&
-         (vmVendor.contains("sun microsystems") ||
-          vmVendor.contains("oracle") ||
-          vmVendor.contains("amazon") ||
-          vmVendor.contains("apple") ||
-          vmVendor.contains("azul")));
-  }
+  private static final boolean DEFAULT_ALLOW_CONCURRENT_SOCKET_FACTORY_USE =
+       getSystemProperty(PROPERTY_DEFAULT_ALLOW_CONCURRENT_SOCKET_FACTORY_USE,
+            true);
 
 
 

diff --git a/tests/unit/src/com/unboundid/ldap/sdk/LDAPConnectionOptionsTestCase.java b/tests/unit/src/com/unboundid/ldap/sdk/LDAPConnectionOptionsTestCase.java
@@ -60,7 +60,6 @@
 import com.unboundid.util.Debug;
 import com.unboundid.util.DebugType;
 import com.unboundid.util.LDAPSDKUsageException;
-import com.unboundid.util.StaticUtils;
 import com.unboundid.util.SynchronizedSocketFactory;
 import com.unboundid.util.SynchronizedSSLSocketFactory;
 import com.unboundid.util.ssl.HostNameSSLSocketVerifier;
@@ -155,20 +154,7 @@ public void testDefaultSettings()
            300_000L);
     }
 
-    final String vmVendor =
-         StaticUtils.toLowerCase(System.getProperty("java.vm.vendor"));
-    if (vmVendor.contains("sun microsystems") ||
-        vmVendor.contains("oracle") ||
-        vmVendor.contains("amazon") ||
-        vmVendor.contains("apple") ||
-        vmVendor.contains("azul"))
-    {
-      assertTrue(opts.allowConcurrentSocketFactoryUse());
-    }
-    else
-    {
-      assertFalse(opts.allowConcurrentSocketFactoryUse());
-    }
+    assertTrue(opts.allowConcurrentSocketFactoryUse());
 
     assertNotNull(opts.getSSLSocketVerifier());
     assertTrue(